| ▲ | insanitybit 2 hours ago | |||||||||||||||||||||||||||||||
What a state of things where we have to fear installing software, and rely on vendors to scan things ahead of time, because our supply chain is such a mess and our tooling is so incapable of (and uninterested in) protecting us. | ||||||||||||||||||||||||||||||||
| ▲ | Insimwytim 2 hours ago | parent | next [-] | |||||||||||||||||||||||||||||||
You cannot call it a supply chain, if you have zero contractual relationships with the authors of the solutions you are using. | ||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||
| ▲ | madeofpalk 2 hours ago | parent | prev | next [-] | |||||||||||||||||||||||||||||||
What would a solution to this look like? What would it take to not fear installing software? This isn't a npm problem, its a computing problem in general. Spaces like this are generally pretty against any sort of restrictions or limitations being put on computers under the name of safety (see Manifest v3) | ||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||
| ▲ | sunaookami 2 hours ago | parent | prev [-] | |||||||||||||||||||||||||||||||
No way to prevent this says only package manager where this regularly happens. | ||||||||||||||||||||||||||||||||